Practical Privacy and Security

Slides from my Third Tuesday Vancouver talk "Practical Privacy and Security for Marketing Professionals"

Published in: Technology

  1. Practical Privacy & Security for Marketing Professionals. Tris Hussey, Community Manager, eCrypt Technologies
  2. Most of us don’t take online security seriously: There are lots of other people out there; It won’t (or isn’t likely to) happen to me; How risky is it, really?
  3. Cyber Crime Is Growing: It’s where the money is; Easy to get lots of information quickly; Borderless and no geographic constraints; Low cost of entry; Easy to learn
  4. Tonight’s Take-aways: Safer browsing; Better passwords; Secure email; Keeping security top of mind for you and your clients
  5. Terms: SSL; WPA, WPA2, WEP; AES128/AES256; Sidejacking; Packet sniffer; Brute force attack; Social engineering
  6. Safer browsing: Open WiFi is not safe. Period. Firesheep only drew attention to existing flaws. “Just browsing” can expose your Facebook & Twitter logins. Assume that when on open WiFi you’re being snooped on.
  7. Scary example time: This afternoon at a favourite coffee place...
  8. While having my coffee...
  9. While having my coffee... And working on this presentation
  10. While having my coffee... And working on this presentation; I captured some packets
  11. While having my coffee... And working on this presentation; I captured some packets; Did some fleecing
  12. While having my coffee... And working on this presentation; I captured some packets; Did some fleecing; Got a few passwords
  13. While having my coffee... And working on this presentation; I captured some packets; Did some fleecing; Got a few passwords; Wanna see?
  14. Simple Solutions: Don’t use unlocked WiFi if you can help it; Set Facebook to always use SSL; Force SSL/HTTPS connections to Facebook, Twitter, etc.; Extensions for Chrome, Firefox, IE, and Safari; Use your smartphone to connect to the Internet instead of WiFi
  15. What about Hotspot VPNs? I’ve had mixed results with free ones (bandwidth caps, poor performance). Not sure about paying for a VPN for casual use. For the geeky among us... Gina Trapani’s SSH proxy tunnel trick: http://tris.me/sshsocks
  16. Facebook: Set Facebook to always use SSL (under “My Account”)
  17. Facebook: Set Facebook to always use SSL (under “My Account”); Check Facebook Privacy Settings for changes
  18. Foursquare & Location: Who are your “friends” on these services? What should you share? When should you share it? Are we being careful enough?
  19. What we share says a lot: Sarah Palin’s Yahoo was hacked using publicly available information to guess her “secret questions”. Who you are meeting with can reveal strategies. It’s more than a tweet or a status update.
  20. Passwords: Good passwords are essential to online security. A weak password jeopardizes an entire company. Example: Twitter hack of 2010. One weak password let someone get to much more sensitive passwords.
  21. Passwords: Don’t reuse passwords for multiple services. Yes, it sucks to have to remember them. A password manager like 1Password or LastPass makes it easier. Passwords should be: At least 8-10 characters long; Use UpPer aNd loWer casE letTErs; Us3 nuMb3rS; U$3 $YmB0l$!
  22. How to create a good password: Think phrases, not words; Use substitutions; Use random passwords
  23. Password example
  24. Password example: Have pizza for dinner
  25. Password example: Have pizza for dinner; havepizzafordinner
  26. Password example: Have pizza for dinner; havepizzafordinner; H@v3p1zz@forDinn3r
  27. Password example: Have pizza for dinner; havepizzafordinner; H@v3p1zz@forDinn3r; H@v3p1zz@4Dinn3r
  28. Password example: Have pizza for dinner; havepizzafordinner; H@v3p1zz@forDinn3r; H@v3p1zz@4Dinn3r; H@v3p1zz@4Dinn3r!
  29. Password example: Have pizza for dinner; havepizzafordinner; H@v3p1zz@forDinn3r; H@v3p1zz@4Dinn3r; H@v3p1zz@4Dinn3r!; H@v3p1zz@4Dinn3R!
  30. How safe is that? According to howsecureismypassword.net, it would take 9 quadrillion years for a desktop PC to crack it.
  31. Standard email is insecure: It’s the electronic equivalent of mailing a postcard. Yes, many services secure your connection with SSL. But the messages are stored in plain text. IT has access to the servers. And your messages.
  32. Encrypting email hasn’t been easy: PGP is no fun to use. BES isn’t as secure as you think: once email leaves your BES it’s plain text again. BIS? Nothing. Commercial solutions are expensive. Getting people to use email encryption is like asking bloggers to turn down freebies.
  33. Why it’s essential: More and more sensitive business is done over email: Contracts; Strategic plans; Marketing tactics; Private conversations; Financial information
  34. When was the last time... You mailed a contract on a postcard? Had a bill that didn’t come in an envelope?
  35. When was the last time... You emailed a contract to someone? You emailed financial information to your accountant? You discussed strategies with clients over email?
  36. eCrypt.me is a solution for secure email: Easy, web-based secure, encrypted email. Free during the beta. Sign up at https://www.eCrypt.me/
  37. eCrypt.me
  38. eCrypt.me
  39. eCrypt.me
  40. eCrypt.me
  41. eCrypt.me https://www.eCrypt.me/
  42. Privacy, Security, & Your Clients: What information are you asking users to provide? Do you really need their birthday? Gender? How are you storing that information? There are rules you know.
  43. Storing data: What is stored in the clear on your laptop? Should you encrypt everything? It’s all about control.
  44. Whole disk encryption: If I told you, I’d have to kill you. Forget your password and you’re hooped. Try encrypted partitions for some files: Knox (commercial - Mac); TrueCrypt (open source)
  45. Don’t forget backups! Part of security is disaster recovery. Options: TimeMachine; Carbonite; Mozy; Crashplan (my fav); Dropbox (my Dept of Redundancy Bureau)
  46. Questions? Thank you! Contact info: tris@ecryptinc.com; Twitter: trishussey and ecrypt; http://yourprivacyisourbusiness.com/
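
The password rules on slide 21 and the build-up on slides 25 to 29, checked in code. This is an added example, not part of the original deck; the minimum length of 8 and the use of Python's `string.punctuation` as the symbol set are assumptions.

```python
import math
import string

# Slide 21 rules. MIN_LENGTH takes the lower end of "8-10" (assumption).
MIN_LENGTH = 8
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # assumed symbol set: 32 ASCII marks
}

# The variants shown on slides 25-29.
SLIDE_VARIANTS = [
    "havepizzafordinner",
    "H@v3p1zz@forDinn3r",
    "H@v3p1zz@4Dinn3r",
    "H@v3p1zz@4Dinn3r!",
    "H@v3p1zz@4Dinn3R!",
]

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]

def missing_rules(password):
    """Slide 21 rules the password does not meet (empty list = all met)."""
    missing = ["length"] if len(password) < MIN_LENGTH else []
    used = classes_used(password)
    return missing + [n for n in CLASSES if n not in used]

def brute_force_bits(password):
    """log2 of the number of strings of this length over the classes used.
    This is an upper bound that only holds against blind guessing."""
    pool = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(pool)

def report(passwords=SLIDE_VARIANTS):
    """(password, unmet rules, estimated bits) for each variant."""
    return [(p, missing_rules(p), round(brute_force_bits(p), 1)) for p in passwords]

if __name__ == "__main__":
    for pw, missing, bits in report():
        print(f"{pw:20} unmet={missing or 'none'} bits<={bits}")
```

By this measure, replacing "for" with "4" on slide 27 shortens the password and lowers the bound. The estimate also ignores attackers who try common phrases and letter substitutions before guessing blindly.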
